azure-cli: Deleted keyvault with option --enable-soft-delete true does not appear in list of deleted keyvaults
Describe the bug
I create a keyvault with --enable-soft-delete true and then delete this keyvault. The keyvault does not show up in az keyvault list-deleted afterwards, the keyvault can't be purged with az keyvault purge <kv_name>, and a new keyvault of the same name can not be created.
To Reproduce
$:~/$ az keyvault list
[]
$:~/$ az keyvault create --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --enabled-for-template-deployment true --enable-soft-delete true
{- Finished ..
"id": "/subscriptions/<some-guid>/resourceGroups/<my-resource-group>/providers/Microsoft.KeyVault/vaults/test-kv123123123123",
"location": "norwayeast",
"name": "test-kv123123123123",
"properties": {
"accessPolicies": [
{
"applicationId": null,
"objectId": "<some-guid>",
"permissions": {
"certificates": [
"get",
"list",
"delete",
"create",
"import",
"update",
"managecontacts",
"getissuers",
"listissuers",
"setissuers",
"deleteissuers",
"manageissuers",
"recover"
],
"keys": [
"get",
"create",
"delete",
"list",
"update",
"import",
"backup",
"restore",
"recover"
],
"secrets": [
"get",
"list",
"set",
"delete",
"backup",
"restore",
"recover"
],
"storage": [
"get",
"list",
"delete",
"set",
"update",
"regeneratekey",
"setsas",
"listsas",
"getsas",
"deletesas"
]
},
"tenantId": "<some-guid>"
}
],
"createMode": null,
"enablePurgeProtection": null,
"enableRbacAuthorization": null,
"enableSoftDelete": true,
"enabledForDeployment": false,
"enabledForDiskEncryption": null,
"enabledForTemplateDeployment": true,
"networkAcls": null,
"privateEndpointConnections": null,
"provisioningState": "Succeeded",
"sku": {
"name": "standard"
},
"softDeleteRetentionInDays": 90,
"tenantId": "<some-guid>",
"vaultUri": "https://test-kv123123123123.vault.azure.net/"
},
"resourceGroup": "<my-resource-group>",
"tags": {},
"type": "Microsoft.KeyVault/vaults"
}
$:~/$ az keyvault delete --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --verbose
Configured default '<my-resource-group>' for arg resource_group_name
Command ran in 3.691 seconds (init: 0.139, invoke: 3.552)
$:~/$ az keyvault list-deleted []
[]
$:~/$ az keyvault purge --name test-kv123123123123
No deleted vault was found with name test-kv123123123123
$:~/$ az keyvault create --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --enabled-for-template-deployment true --enable-soft-delete false
The property "enableSoftDelete" can be set to false only for creating new vault. Enabling the 'soft delete' functionality is an irreversible action.
Expected behavior
After running az keyvault create --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --enabled-for-template-deployment true --enable-soft-delete true and az keyvault delete --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --verbose, the command az keyvault list-deleted should return a list which includes the recently deleted keyvault, and az keyvault purge --name test-kv123123123123 should purge the deleted keyvault.
Environment summary
Using Azure CLI 2.9.0 on WSL Ubuntu 20.04, Windows 10.
az version
{
"azure-cli": "2.9.0",
"azure-cli-command-modules-nspkg": "2.0.3",
"azure-cli-core": "2.9.0",
"azure-cli-nspkg": "3.0.4",
"azure-cli-telemetry": "1.0.4",
"extensions": {}
}
Additional context
About this issue
- State: closed
- Created 4 years ago
- Comments: 19 (8 by maintainers)
Hey, same problem … I mean BIG PROBLEM. I am testing the Azure CAF Landing Zones using Terraform. The workflow would try to create a keyvault during the process and later I will destroy the resources. Yesterday I ran it for the first time and it created a KV by the name of Launchpad in my subscription. Later I destroyed the resources and after some time tried running the deployment script again. BOOM … there was an error saying a KV with the name Launchpad already exists. I went to the portal and manually tried to create one with the same name and got the same error.
The funny thing is, if I am searching (and I am using Cloud Shell running the latest v 2.11.1) with az keyvault list-deleted, there is no output. Please can someone help me???
Please fix this problem. I now have a new subscription and tenant however keyvault with the name “launchpad” still can not be created.
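One thing to rule out for the symptom reported in this thread, shown as an added example that is not part of the original issue or of the Azure CLI project's code: az keyvault list-deleted only covers one subscription at a time, while vault names are unique across all of Azure, so a soft-deleted vault in a different subscription still reserves the name. The function name find_deleted_vault is hypothetical; the az commands and arguments it calls are existing ones.

```shell
#!/bin/sh
# Added example: locate a soft-deleted Key Vault that still holds a name.
# Uses only existing Azure CLI commands and global arguments:
#   az account list, az keyvault list-deleted, --subscription, --query, -o tsv

# find_deleted_vault NAME   (hypothetical helper name)
# Prints "<subscription-id> <location>" for every soft-deleted vault called
# NAME in any subscription the signed-in identity can list.
# Returns 0 if at least one was found, 1 if none, 2 on an invalid name.
# Note: sets the shell variables name, sub, loc and found.
find_deleted_vault() {
    name=$1
    # Vault names consist of letters, digits and hyphens only; rejecting
    # anything else keeps the value safe to embed in the JMESPath filter.
    case $name in
        ''|*[!A-Za-z0-9-]*) echo "invalid vault name" >&2; return 2 ;;
    esac
    found=1
    for sub in $(az account list --query "[].id" -o tsv); do
        # list-deleted is scoped to a single subscription, so ask each one.
        loc=$(az keyvault list-deleted --subscription "$sub" \
                --query "[?name=='$name'].properties.location" -o tsv) || continue
        if [ -n "$loc" ]; then
            echo "$sub $loc"
            found=0
        fi
    done
    return $found
}

# Once a hit is printed, the vault can be purged where it actually lives:
#   az keyvault purge --name NAME --location LOCATION --subscription SUB
```

A return code of 1 means no subscription visible to the signed-in identity holds a soft-deleted vault of that name, which points at a vault (live or deleted) owned by a different subscription or tenant.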